Deasy said his office is running “a lot of pilots” to improve the security of the Commercial Virtual Remote Environment that has supported more than a million users working remotely during the coronavirus pandemic.
The CVR Environment uses the cloud-based Microsoft Teams collaboration tool, allowing users to work together on documents, text chat and video chat. While it supports more than a million users, it remains at an Impact Level 2, the minimal level of security compliance for the DOD. Deasy hopes to get CVR to Impact Level 5 to support classified remote work.
“We are confident we will rise to the challenge by leveraging our innovative ecosystem,” Deasy said. He added that every day, DOD systems face attacks from adversaries — threats his office and others are working to halt. “When you move to cloud…the adversary is going to pivot and try to exploit,” he said.
Cloud, cloud, cloud
As it has for years now, the DOD’s move to the cloud continues to be a top area of focus for the CIO’s office.
In addition to the work to support CVR, Deasy also mentioned the high-profile Joint Enterprise Defense Infrastructure (JEDI) cloud contract, adding that DOD expects to re-announce the final award of the $10 billion deal by the end of August. The acquisition has been held up in the courts with protests since it was awarded last fall. The DOD is currently taking corrective action on the contract after Amazon challenged several parts of the deal, including the department’s evaluation of a pricing scenario for online cloud storage.
While JEDI could be a $10 billion cloud deal if it reaches its ceiling, it would not be DOD’s only cloud contract. Deasy said he always intended DOD to be a “multi-cloud environment.”
Other cloud-based initiatives the DOD is working on include a new communications system that will link not only across military services, but across nations. Deasy described the Mission Partner Environment as the new way the U.S. and its allies could communicate with each other, come fiscal 2028. There already are high-level users working on the system, but scaling it across countries will take time, Deasy said.
“This is the next generation of how we fight and communicate with our allied partners,” he said.
Deasy also briefly mentioned a solicitation industry should expect to be published by the end of the fiscal year on a “5G cloud architecture.”
A new way to code
The DOD also has a new enterprise system for DevSecOps thanks to Air Force’s success in the area.
The department recently designated the Air Force’s Platform One as an enterprise DevSecOps for military coders across the DOD to create and share software with security practices baked in from the start, Deasy said.
The CIO’s and other technology offices are working to fill the environment with “code blueprints,” Deasy said. The idea is to mirror the open-source software community by pooling basic code and linking application program interfaces (APIs) that military developers can use to securely make new products.
“The Air Force has truly matured this vision” of bringing DevSecOps into the DOD, Deasy said.
The blueprints will also pull code form public platforms. Deasy said this mimics successful software companies that rely on sharing resources rather than starting from scratch. He said the blueprints will finally get “agile” into the DOD, which oversight reports have said is lacking.
“Technologists that develop great code … they want to share their code,” Deasy said.